ismylaw
Mar 07, 2022 · Copper Contributor
Mail Redirect In Sentinel.
Hello,
I'm new to Sentinel and I'm working on a project about email forwarding by users.
I need help writing a KQL query to find out if email users are forwarding internally or externally.
Any help will be very helpful.
- ismylaw (Copper Contributor): Thank you Clive for the response, and I did see the example. However, when I ran the query, it is not fetching any data. I know for sure that two rules were created on 03/02 by two users, based on the below alert.
An informational alert has been triggered
⚠ Creation of forwarding/redirect rule
Severity: ● Informational
Time: 3/2/2022 3:15:00 PM (UTC)
Activity: MailRedirect
User: Email address removed
Details: MailRedirect. This alert is triggered whenever someone gets access to read your user's email.